As they grow all enterprises including merchants eventually need to implement an ERP system to co-ordinate their activities and maintain an up-to-the-minute picture of their business including the tracking of funds and product in and out.
One of the most popular server platforms for doing this was the IBM AS/400 introduced in 1988 and which has undergone much development and changes of name since then. Many large companies around the world are still happily running AS/400 systems and even more use its successors culminating in IBM’s current System i.
The problem many merchants using these systems have is what to do when it comes to updating their ERP systems and processing credit and other payment cards. Two main areas of concern present themselves including the security of cardholder information, particularly in card not present (CNP) transactions, and importing sales information into the ERP system.
Merchants sell their products through online stores running on a variety of platforms including WordPress, Magento and others including custom-built solutions. These user and mobile-friendly systems record transactions, generate invoices and process card payments but are often not integrated with the back end ERP system.
The common solution to this is to periodically update the ERP system with daily sales information by uploading batch files to the server. This situation is far from ideal because having duplicate sets of data gives rise to the possibility of errors occurring during the import/export process.
Integrating online transactions directly into the merchant’s back end system has the benefit there is only one set of data which reduces the possibility of error. Other benefits of direct integration are that stock levels update in real-time with all that implies, customer information is updated and transaction documents can have a uniform look and feel.
In many cases the systems processing the transactions are also not integrated with the business merchant account meaning transactions have to be uploaded and authorised in batches, usually once a day. Performing card authorisations in real-time results in lower card processing fees and is another strong argument for integrating backend, front-end and the authorisation process.
An even more serious problem facing merchants, whether or not they run on AS/400 or one of its descendants, is the question of securing cardholder information and the absolute need to be compliant with Payment Card Industry Data Security Standards (PCI DSS).
To become compliant, merchants have to complete Self-Assessment Questionnaires (SAQ) to determine how secure their card handling processes are and then to remedy areas where they fall short. The scope of PCI compliance varies in line with the merchant’s card-handling environment from being relatively quick and simple to long and arduous.
A merchant capturing and storing payment card information directly in their ERP and/or front-end systems, for example, would undergo a much more involved compliance process than one using a service provider such as Curbstone Corporation and storing those details offline.
The name of the game is for merchants to remove as much of their own IT infrastructure and process from the scope of PCI. This reduces the compliance burden and can also qualify the merchant for lower card processing fees because their transactions will be more secure.
We at Curbstone Corporation provide a service which directly integrates our merchants’ front-end and ERP systems while storing customer card information offline. We strongly recommend that all merchants, on IBM System i or not, to investigate the benefits of direct integration and offline storage.
Curbstone Corporation’s secure technology processes about $2.4 Billion per year for merchants on the IBM i (AS/400, iSeries) platform, for phone orders, e-commerce, and retail.